IPSEC tunnel backup for point to point link
I have created an IKEv2 site-to-site tunnel between FortiGates using loopback addresses on port1. I also have a 10Gbps point-to-point link between the two sites on port12, which is used as the primary connection. I want to use the IPsec tunnel as a backup connection so that if the point-to-point link fails, all IP traffic is switched over to the IPsec tunnel.
Following is my config. Can someone suggest a solution for this scenario?
```
config firewall policy
    edit 0
        set name "Traffic_for_loopback_IPSEC"
        set uuid f5a16342-7b79-51ef-6e44-02c65af6bb78
        set srcintf "loopback_FG1" "port1"
        set dstintf "loopback_FG1" "port1"
        set action accept
        set srcaddr "h-10.10.11.1-32" "h-10.10.9.1-32"
        set dstaddr "h-10.10.9.1-32" "h-10.10.11.1-32"
        set schedule "always"
        set service "ESP" "IKE"
    next
end
config vpn ipsec phase1-interface
    edit "IPsec_to_FG2"
        set interface "loopback_FG1"
        set ike-version 2
        set peertype any
        set net-device disable
        set proposal aes128-sha256
        set remote-gw 10.10.11.1
        set psksecret XXXX
    next
end
```
Hi There,
Since you are considering using the P2P link as primary, tweak the AD in the case of a static route (or use other route manipulations for OSPF/BGP) and configure link monitoring. Refer to the link https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/723056/link-monitoring-and-failover
Thanks
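As an added illustration of the static-route approach suggested above (not part of the original post or reply, and not from Fortinet's documentation), the following FortiGate CLI fragment shows the three pieces that make the failover work together: two static routes to the remote LAN with different administrative distances, a link monitor on port12 that withdraws the primary route when the peer stops answering, and a pair of firewall policies so that traffic is actually permitted over the tunnel once it becomes the active path. The remote LAN 10.20.0.0/16, the local LAN 10.10.0.0/16, the P2P next hop 192.0.2.2 and the address-object names are assumed values; only the interface names port12 and IPsec_to_FG2 come from the post.

```fortios
config router static
    edit 1
        set dst 10.20.0.0 255.255.0.0
        set gateway 192.0.2.2
        set device "port12"
        set distance 10
    next
    edit 2
        set dst 10.20.0.0 255.255.0.0
        set device "IPsec_to_FG2"
        set distance 20
    next
end
config system link-monitor
    edit "p2p-monitor"
        set srcintf "port12"
        set server "192.0.2.2"
        set protocol ping
        set failtime 3
        set recoverytime 3
        set update-static-route enable
    next
end
config firewall address
    edit "LAN_local"
        set subnet 10.10.0.0 255.255.0.0
    next
    edit "LAN_remote"
        set subnet 10.20.0.0 255.255.0.0
    next
end
config firewall policy
    edit 0
        set name "LAN_to_remote_via_IPsec"
        set srcintf "internal"
        set dstintf "IPsec_to_FG2"
        set srcaddr "LAN_local"
        set dstaddr "LAN_remote"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    edit 0
        set name "remote_to_LAN_via_IPsec"
        set srcintf "IPsec_to_FG2"
        set dstintf "internal"
        set srcaddr "LAN_remote"
        set dstaddr "LAN_local"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end
```

While the P2P link is healthy, the distance-10 route wins and the distance-20 tunnel route stays inactive in the routing table; when the link monitor declares port12 down, `update-static-route enable` removes the port12 route and the tunnel route takes over, then is withdrawn again after `recoverytime` successful probes. The same routes, monitor and policies are needed on the second FortiGate in the reverse direction, the monitored server should be the far side of the P2P link itself (not something reachable through the tunnel, or the monitor can never fail), and the ping/failtime interval semantics vary between FortiOS versions, so check the defaults for the version in use before tuning them. Logging both tunnel policies makes a silent fallback to the backup path visible in traffic logs.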
